Forum Discussion

RasGhz_297176's avatar
RasGhz_297176
Icon for Nimbostratus rankNimbostratus
Oct 27, 2016

Realtime policy builder

Hi,

 

I'd like to know once we created the ASM policy and moved into bloking mode, should we disable realtime policy builder or leave it enable forever? If we disable that, is there a concern for new signatures and features being added with updates or not?

 

3 Replies

  • It really depends on your environment. Be aware that the RPB will analyze your traffic and modify your policy even after moving to blocking mode. This is not always desirable.

     

    If you turn off RPB, you will need to make any future changes to your policy manually.

     

    Note that depending on your traffic and your site, RPB may never actually move to 100%.

     

  • Hi,

     

    Thanks for the response.

     

    So if we have the RPB disabled, what happens to newly added signatures. I know the new signatures will go to staging, but what if a new signature is having impact on application operation after the staging period is over? Is that signature going to be disabled automatically or there has to be some manual work?

     

    • Chris_Grant's avatar
      Chris_Grant
      Icon for Employee rankEmployee

      Signature updates are completely independent of RPB. You would need to manually work with them regardless of the RPB settings. RPB will help build your policy whitelist, while the Signatures are a blacklist that is built and maintained by F5 Networks. You can choose which signatures to enable or disable, and you can create custom signatures, but that must be handled largely outside of RPB. It has no impact either way on signature staging.